Infix v23.11.0

Note: this is the first release where the root account is disabled in default builds. Only the admin user,
generated from factory-config, can log in to the system. This can be changed only in developer builds:
make menuconfig -> System configuration -> [*]Enable root login with password

YANG Status

• ieee802-ethernet-interface: Currently supported (read-only) features:

  • Status of auto-negotiation, and if enabled.
  • Current speed and duplex
  • Frame counters:

  YANG	Linux / Ethtool
  out-frames	FramesTransmittedOK
  out-multicast-frames	MulticastFramesXmittedOK
  out-broadcast-frames	BroadcastFramesXmittedOK
  in-total-octets	FramesReceivedOK
  	+ FrameCheckSequenceErrors
  	+ FramesLostDueToIntMACRcvError
  	+ AlignmentErrors
  	+ etherStatsOversizePkts
  	+ etherStatsJabbers
  in-frames	FramesReceivedOK
  in-multicast-frames	MulticastFramesReceivedOK
  in-broadcast-frames	BroadcastFramesReceivedOK
  in-error-undersize-frames	undersize_pkts
  in-error-fcs-frames	FrameCheckSequenceErrors

• ietf-system:

  • augments:
    • MotD (Message of the Day)
    • User login shell, default: /bin/false (no SSH or console login)
    • State information for remotely querying firmware version information
  • deviations:
    • timezone-name, using IANA timezones instead of plain string
    • UTC offset, only support per-hour offsets with tzdata
    • Usernames, clarifying Linux restrictions
    • Unsupported features marked as deviations, e.g. RADIUS
  • infix-system-software: firmware upgrade with install-bundle RPC

• ietf-interfaces:

  • deviation to allow read-write if:phys-address for custom MAC address
  • ietf-ip: augments
    • IPv4LL similar to standardized IPv6LL
  • ietf-ip: deviations (not-supported) added for IPv4 and IPv6:
    • /if:interfaces/if:interface/ip:ipv4/ip:address/ip:subnet/ip:netmask
    • /if:interfaces/if:interface/ip:ipv6/ip:address/ip:status
    • /if:interfaces/if:interface/ip:ipv4/ip:neighbor
    • /if:interfaces/if:interface/ip:ipv6/ip:neighbor
  • ietf-routing: Base model for routing
  • ietf-ipv4-unicast-routing: Static unicast routing, incl. operational
    data, i.e., setting static IPv4 routes and reading IPv4 routing table
  • infix-ethernet-interface: deviations for ieee802-ethernet-interface
  • infix-routing: Limit ietf-routing to one instance default per
    routing protocol, also details unsupported features (deviations)
  • infix-if-bridge: Linux bridge interfaces with native VLAN support
  • infix-if-type: deviation for interface types, limiting number
    to supported types only. New identities are derived from default
    IANA interface types, ensuring compatibility with other standard
    models, e.g., ieee802-ethernet-interface.yang
  • infix-if-veth: Linux VETH pairs
  • infix-if-vlan: Linux VLAN interfaces, e.g. eth0.10

• Configurable services:

  • ieee802-dot1ab-lldp: stripped down to an enabled setting
  • infix-services: support for enabling mDNS service/device discovery

Changes

• The CLI built-in command password generate has been changed to use the
  secure mode of the pwgen tool, and 13 chars for increased entropy
• The qemu.sh -c command, available in developer builds and the release zip,
  can now be used to modify the RAM size and enable VPD emulation
• Add support for overriding generated factory defaults in derivatives
  using a /etc/confdrc.lcocal file -- incl. updated branding docs.
• Add support for detecting factory reset condition from a bootloader
• Ensure /var is also cleared (properly) during factory reset
• Add support for port auto-negotiation status in operational datastore
• Add CLI support for showing veth pairs in show interfaces
• Speedups to CLI detailed view of a single interface
• Updated documentation of VLAN interfaces and VLAN filtering bridge
• Updated documentation for how to customize services in Hybrid Mode
• In RMA mode (runlevel 9), the system no longer has any login services
• Disable root login in all NETCONF builds, only admin available
• Add support for VPD data in ONIE EEPROM format
• Add iito, the intelligent input/output daemon for LED control
• Add port autoneg and speed/duplex status to operational data
• Upgrade Linux to v6.5.11, with kkit extensions
• Add support for static IPv4 routing using [email protected] and
  [email protected], one default instance only
• Add support for partitioning and self-provisioning of new devices
• Add support for reading admin user's default password from VPD. Devices
  that do not have a VPD can set a password hash in the device tree
• Add support for upgrading software bundles (images) from the CLI.
  Supported remote servers: ftp, tftp, and http/https.
• Traversing the CLI configure context has been simplified by collapsing all
  YANG containers that only contain a single list element. Example:
  edit interfaces interface eth0 becomes edit interface eth0
• Add CLI support for creating configuration backups and transferring files
  to/from remote servers: tftp, ftp, http/https (download only). Issue #155
• Add _netconf-ssh._tcp record to mDNS-SD

Fixes

• Fix #111: fix auto-inference of dynamic interface types (bridge, veth)
• Fix #125: improved feedback on invalid input in configure context
• Fix #198: drop bridge default PVID setting, for VLAN filtering bridge.
  All bridge ports must have explicit VLAN assignment (security)
• Fix #215: impossible to enable NTP client, regression from v23.06.0
• Fix regression in CLI show factory-config command
• Fix missing version in /etc/os-release variable PRETTY_NAME
• Fix failure to start podman in GNS3 (missing Ext4 filesystem feature)
• Fix initial terminal size probing in CLI when logging in from console port
• Fix CLI show running-config, use proper JSON format like other files
• Fix caching of libyang module references in confd. Loading other plugins to
  sysrepo-plugind modifies these references, which may can cause corruption
• Fix missing v in VERSION, VERSION_ID, and IMAGE_VERSION in
  /etc/os-release and other generated files for release builds.